PT-2026-22391 · Unknown · Pillow Heif

Kaizawa97 · Published 2026-02-27 · Updated 2026-03-04 · CVE-2026-28231

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
pillow heif versions prior to 1.3.0

Description
An integer overflow in the encode path buffer validation within pillow heif.c allows an attacker to bypass bounds checks by providing large image dimensions. This can lead to a heap out-of-bounds read, potentially resulting in information disclosure or denial of service. The issue triggers under default settings and does not require any special configuration.

Recommendations
Update to pillow heif version 1.3.0 or later.
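
The bug class described above, as an added example (not code from pillow heif or from this advisory): a buffer-size check whose multiplication wraps in 32 bits, next to a check that detects the overflow before comparing. Function names, parameter names and the sample dimensions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; this is not the pillow heif source. */

/* Weak form: the product is computed in 32 bits, so it can wrap
 * to a small value before it is compared with the buffer length. */
int weak_check(uint32_t stride, uint32_t height, size_t buf_len)
{
    uint32_t need = stride * height;   /* wraps modulo 2^32 */
    return need <= buf_len;            /* 1 = "buffer is large enough" */
}

/* Hardened form: widen to size_t and refuse any product that
 * cannot be represented, then compare the true size. */
int safe_check(uint32_t stride, uint32_t height, size_t buf_len)
{
    size_t s = stride, h = height;
    if (h != 0 && s > SIZE_MAX / h)
        return 0;                      /* multiplication would overflow */
    return s * h <= buf_len;
}

int main(void)
{
    /* Constructed input: 65536 rows with a stride of 65536 * 4 bytes,
     * i.e. 2^34 bytes required, checked against a 1024-byte buffer. */
    uint32_t stride = 65536u * 4u, height = 65536u;
    size_t buf_len = 1024;

    printf("weak_check accepts: %d\n", weak_check(stride, height, buf_len));
    printf("safe_check accepts: %d\n", safe_check(stride, height, buf_len));
    return 0;
}
```
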

Exploit

Fix

DoS

Out of bounds Read

Integer Overflow


Weakness Enumeration

Related identifiers

CVE-2026-28231
GHSA-5GJJ-6R7V-PH3X
OPENSUSE-SU-2026:10285-1

Affected products

Pillow Heif